fac979f15ffac45089e8e3ef721ab0cf065bbfc654756f7e6a7ac1478dac70a1

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 10:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8ef2e338a0bf7aa3a8c66e1e616631c8.html
Size

432B
MD5

8ef2e338a0bf7aa3a8c66e1e616631c8
SHA1

0668a1564e8fb9808d37ed68a9fc8ee90bc484b1
SHA256

fac979f15ffac45089e8e3ef721ab0cf065bbfc654756f7e6a7ac1478dac70a1
SHA512

16ebd1fa399514fa418fb860f153f6072353f2ad333aa312ca729f5d5b9a92a8da0644446d104a602d62a2c2128243b69b7cb0a5abc29dcfe8ee28a7852b9d7f

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000003fb58cd77272d905eaab035857b6f8d86fde16229f9453ebefc1ebfe9ffff7ac000000000e8000000002000020000000ee057f6315396eca8885162cbf768bfd335529e60717295f38ccf2b5eb38250f20000000548fffcf7308413d68352a20cb585015edead1369381e322821f5fad02f3d6594000000081dc8c5617ec0fcf69439f7d684a3ce4995ed1d19960d852f81859092700c645298ed04a560edcf5cb39694d3b01fb71cdb2b6468c24cac416c941f0422c6b73	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "71291262"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31086423"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086423"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "71291262"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de6221000000000200000000001066000000010000200000004722f12ea26decf4779927f8a394d6983d07499a2c347443060e4aa39247487d000000000e80000000020000200000008e0272d8c64717c3c0ee41e4861770f1711398e1926007ce126ed76e36b5953d20000000fb11d14bb655a32730956559b6c28aa1d9a899c1a67510236f69ad6963f71d22400000000e0e484792ecd161940f761f08119d60e18816d3d936177995c13760b74b3cb14e131ef51cd07939abacc2d2b3961c994f324f7663e31eb98e44b142f3708435	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0f5f0f35657da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f036eff55657da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "75509814"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31086423"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413808364"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000cfa71eb1212ca24fab6a788c17de622100000000020000000000106600000001000020000000770f6ff0f64e5f741aa339dd27ce80c52b0e3093bfd9a3f827bb7adfe89f6491000000000e80000000020000200000000601745d78215a63fa6e0adbb94ddd92028f2fec743b3fcaf09257125c7af1c120000000cac1cc60121a09f29e12e551cf5bce9fa555c6a85246b3eb60729ee57097281840000000cf36c21a843f26174d7f1df577bc35a35d2624d6f448b763f70c6db03abd76d8c8e47ed42ca74d2ad5884a246118572c3ee20af2ee594620f37c8e396de85401	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 507486f35657da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2FD36C91-C34A-11EE-9ECD-5A2E32B6DBC3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4340	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4340	iexplore.exe
4340	iexplore.exe
1452	IEXPLORE.EXE
1452	IEXPLORE.EXE
1452	IEXPLORE.EXE
1452	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4340 wrote to memory of 1452	4340	iexplore.exe	85
PID 4340 wrote to memory of 1452	4340	iexplore.exe	85
PID 4340 wrote to memory of 1452	4340	iexplore.exe	85

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8ef2e338a0bf7aa3a8c66e1e616631c8.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4340
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4340 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
52bfc02b370f1b48b834ce1c58ad6560

SHA1
d3dbca3ed04caabf69ec8d525a83cde0919809cf

SHA256
fce02a7cb2ed194e21949d8a394e69f1dd30c4c517addc831018b8a0b7235a97

SHA512
5fb4c1b2d4173f5de1237e2fd55b9081b99756217d5d639da3e0e1bbe339d87be2e9b732ef783446bdedee2af8730e4bedb3184d58ba0bce0881ddc199495289

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
639e58826e60379c9f8ec23d4bf6a473

SHA1
1a20f1c27b510de747eb18c9c26d8d30ba5dd17e

SHA256
20218686b8e0d3a1f0dc2c3b1da5cd490b9ff44c6484372d603649e28e550799

SHA512
f06cff9ca03e7c7c0166b8c8d283c30f68ae15e938c5e9f33b45f8512a262b3f3c6d0d1c52bce4eb22c55ff745590a7410f2a2ffe7a2bde9f10805e23e5cdf41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\buhspo8\imagestore.dat

Filesize
1KB

MD5
7fb246fb100e89e1ae5622732332480d

SHA1
da2dce88badbc721311b591c37417143eebf7478

SHA256
468cf177d0f3a1af1b3765e44898285c10bccef229dbf6f3451afc4303fc954a

SHA512
91dcbf5b70bd20964b41aa27ec3c7e029b465c01a35bb5514e22b6f3c6172b9fd6c86c0128532a8dd885c73e96d689f84414bcf5686728a46fba346682e83243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\buhspo8\imagestore.dat

Filesize
16KB

MD5
b0d072f11afb46e961adb3a37bbdb629

SHA1
5a3967f850176419c4a4ba17f8324f2327bb57d5

SHA256
ca13d8736647ef9679cd9cc090d1f6537617fd16f4ef14918a4528e4976fda32

SHA512
bddd549d60869039074cdf2f83c3126be7a3bbd72e1a26c79d5694917b40d0a607b1a064c3997ebcb860248f2fdaa98b2b1785eee93e018ecc7102074b8fe02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0SGFK56Z\sedo_logo[1].ico

Filesize
14KB

MD5
def00c11b1596db4efee6a9fbe64fc27

SHA1
bd298981e6d8d7e4ffa18abcf687041f4246672d

SHA256
95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4

SHA512
c056e95dbfa1aab3a50dff18c6d577dbffea72c93316ffc53b6b7aa41dcc7707a810d563894589a7305de0b76610f88150b2034670de368773b2b356f14ad30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ISEWAASI\favicon[1].ico

Filesize
1KB

MD5
91abe01116ab422c598e9c8af72cf4da

SHA1
0f2815fe8e067d48537ad168225ab4674271fa27

SHA256
b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc

SHA512
a4d5b20c3014153b6b382c43404917bd2cb5bd2a59bb1e981f5a19eb7dbdec185ace288e9700428d24e5ac623e45d04905e706f0c45a1642b1aa6c091213c23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QTPKWBD2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit